mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-17 11:23:45 +00:00
Merge branch 'WDAC-Docs' of https://github.com/jsuther1974/windows-docs-pr into WDAC-Docs
This commit is contained in:
jsuther1974
@ -3,7 +3,7 @@ title: App Control for Business and .NET
|
||||
description: Understand how App Control and .NET work together and use Dynamic Code Security to verify code loaded by .NET at runtime.
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 02/13/2025
|
||||
ms.topic: conceptual
|
||||
ms.topic: article
|
||||
---
|
||||
|
||||
# App Control for Business and .NET
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: App Control for Business design guide
|
||||
description: Microsoft App Control for Business allows organizations to control what apps and drivers will run on their managed Windows devices.
|
||||
ms.localizationpriority: medium
|
||||
ms.topic: conceptual
|
||||
ms.topic: article
|
||||
ms.date: 09/11/2024
|
||||
---
|
||||
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: App Control for Business Wizard Base Policy Creation
|
||||
description: Creating new base App Control policies with the App Control Wizard.
|
||||
ms.localizationpriority: medium
|
||||
ms.topic: conceptual
|
||||
ms.topic: article
|
||||
ms.date: 09/11/2024
|
||||
---
|
||||
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: App Control for Business Wizard Supplemental Policy Creation
|
||||
description: Creating supplemental App Control policies with the App Control Wizard.
|
||||
ms.localizationpriority: medium
|
||||
ms.topic: conceptual
|
||||
ms.topic: article
|
||||
ms.date: 09/11/2024
|
||||
---
|
||||
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: Editing App Control for Business Policies with the Wizard
|
||||
description: Editing existing base and supplemental policies with the Microsoft App Control Wizard.
|
||||
ms.localizationpriority: medium
|
||||
ms.topic: conceptual
|
||||
ms.topic: article
|
||||
ms.date: 09/11/2024
|
||||
---
|
||||
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: App Control for Business Wizard Policy Merging Operation
|
||||
description: Merging multiple policies into a single App Control policy with the App Control Wizard.
|
||||
ms.localizationpriority: medium
|
||||
ms.topic: conceptual
|
||||
ms.topic: article
|
||||
ms.date: 09/11/2024
|
||||
---
|
||||
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: App Control for Business Wizard App Control Event Parsing
|
||||
description: Creating App Control policy rules from the App Control event logs and the MDE Advanced Hunting App Control events.
|
||||
ms.localizationpriority: medium
|
||||
ms.topic: conceptual
|
||||
ms.topic: article
|
||||
ms.date: 09/11/2024
|
||||
---
|
||||
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: App Control for Business Wizard
|
||||
description: The App Control for Business policy wizard tool allows you to create, edit, and merge App Control policies in a simple to use Windows application.
|
||||
ms.localizationpriority: medium
|
||||
ms.topic: conceptual
|
||||
ms.topic: article
|
||||
ms.date: 09/11/2024
|
||||
---
|
||||
|
||||
|
||||
@ -3,7 +3,7 @@ title: Policy creation for common App Control usage scenarios
|
||||
description: Develop a plan for deploying App Control for Business in your organization based on these common scenarios.
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 01/31/2025
|
||||
ms.topic: conceptual
|
||||
ms.topic: install-set-up-deploy
|
||||
---
|
||||
|
||||
# App Control for Business deployment in different scenarios: types of devices
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Create an App Control policy for fully managed devices
|
||||
description: App Control for Business restricts which applications users are allowed to run and the code that runs in system core.
|
||||
ms.topic: conceptual
|
||||
ms.topic: how-to
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 09/11/2024
|
||||
---
|
||||
@ -10,12 +10,12 @@ ms.date: 09/11/2024
|
||||
|
||||
[!INCLUDE [Feature availability note](../includes/feature-availability-note.md)]
|
||||
|
||||
This section outlines the process to create an App Control for Business policy for **fully managed devices** within an organization. The key difference between this scenario and [lightly managed devices](create-appcontrol-policy-for-lightly-managed-devices.md) is that all software deployed to a fully managed device is managed by IT and users of the device can't install arbitrary apps. Ideally, all apps are deployed using a software distribution solution, such as Microsoft Intune. Additionally, users on fully managed devices should ideally run as standard user and only authorized IT pros have administrative access.
|
||||
This section outlines the process to create an App Control for Business policy for **fully managed devices** within an organization. The key difference between this scenario and [lightly managed devices](create-appcontrol-policy-for-lightly-managed-devices.md) is that all software that's deployed to a fully managed device is managed by IT and users of the device can't install arbitrary apps. Ideally, all apps are deployed using a software distribution solution, such as Microsoft Intune. Additionally, users on fully managed devices should ideally run as standard user and only authorized IT pros have administrative access.
|
||||
|
||||
> [!NOTE]
|
||||
> Some of the App Control for Business options described in this topic are only available on Windows 10 version 1903 and above, or Windows 11. When using this topic to plan your own organization's App Control policies, consider whether your managed clients can use all or some of these features and assess the impact for any features that may be unavailable on your clients. You may need to adapt this guidance to meet your specific organization's needs.
|
||||
|
||||
As described in [common App Control for Business deployment scenarios](common-appcontrol-use-cases.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of App Control to prevent unwanted or unauthorized applications from running on their managed devices.
|
||||
As described in [common App Control for Business deployment scenarios](common-appcontrol-use-cases.md), we use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of App Control to prevent unwanted or unauthorized applications from running on their managed devices.
|
||||
|
||||
**Alice Pena** is the IT team lead tasked with the rollout of App Control.
|
||||
|
||||
@ -55,7 +55,7 @@ Having defined the "circle-of-trust", Alice is ready to generate the initial pol
|
||||
Alice follows these steps to complete this task:
|
||||
|
||||
> [!NOTE]
|
||||
> If you do not use Configuration Manager or prefer to use a different [example App Control for Business base policy](example-appcontrol-base-policies.md) for your own policy, skip to step 2 and substitute the Configuration Manager policy path with your preferred example base policy.
|
||||
> If you don't use Configuration Manager or prefer to use a different [example App Control for Business base policy](example-appcontrol-base-policies.md) for your own policy, skip to step 2 and substitute the Configuration Manager policy path with your preferred example base policy.
|
||||
|
||||
1. [Use Configuration Manager to create and deploy an audit policy](/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager) to a client device running Windows 10 version 1903 or above, or Windows 11.
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Use the Smart App Control policy to build your starter base policy
|
||||
description: App Control for Business restricts which applications users are allowed to run and the code that runs in the system core.
|
||||
ms.topic: conceptual
|
||||
ms.topic: how-to
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 03/09/2025
|
||||
---
|
||||
|
||||
@ -3,7 +3,7 @@ title: Plan for App Control policy management
|
||||
description: Learn about the decisions you need to make to establish the processes for managing and maintaining App Control for Business policies.
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 09/11/2024
|
||||
ms.topic: conceptual
|
||||
ms.topic: how-to
|
||||
---
|
||||
|
||||
# Plan for App Control for Business lifecycle policy management
|
||||
|
||||
@ -3,7 +3,7 @@ title: Understand App Control script enforcement
|
||||
description: App Control script enforcement
|
||||
ms.manager: jsuther
|
||||
ms.date: 09/11/2024
|
||||
ms.topic: conceptual
|
||||
ms.topic: concept-article
|
||||
ms.localizationpriority: medium
|
||||
---
|
||||
|
||||
@ -12,7 +12,7 @@ ms.localizationpriority: medium
|
||||
[!INCLUDE [Feature availability note](../includes/feature-availability-note.md)]
|
||||
|
||||
> [!IMPORTANT]
|
||||
> Option **11 Disabled:Script Enforcement** is not supported on **Windows Server 2016** or on **Windows 10 1607 LTSB** and should not be used on those platforms. Doing so will result in unexpected script enforcement behaviors.
|
||||
> Option **11 Disabled:Script Enforcement** isn't supported on **Windows Server 2016** or on **Windows 10 1607 LTSB** and shouldn't be used on those platforms. Doing so will result in unexpected script enforcement behaviors.
|
||||
|
||||
## Script enforcement overview
|
||||
|
||||
@ -23,7 +23,7 @@ Validation for signed scripts is done using the [WinVerifyTrust API](/windows/wi
|
||||
App Control shares the *AppLocker - MSI and Script* event log for all script enforcement events. Whenever a script host asks App Control if a script should be allowed, an event is logged with the answer App Control returned to the script host. For more information on App Control script enforcement events, see [Understanding App Control events](../operations/event-id-explanations.md#app-control-block-events-for-packaged-apps-msi-installers-scripts-and-com-objects).
|
||||
|
||||
> [!NOTE]
|
||||
> When a script runs that is not allowed by policy, App Control raises an event indicating that the script was "blocked." However, the actual script enforcement behavior is handled by the script host and may not actually completely block the file from running.
|
||||
> When a script runs that isn't allowed by policy, App Control raises an event indicating that the script was "blocked." However, the actual script enforcement behavior is handled by the script host and may not actually completely block the file from running.
|
||||
>
|
||||
> Also be aware that some script hosts may change how they behave even if an App Control policy is in audit mode only. You should review the script host specific information in this article and test thoroughly within your environment to ensure the scripts you need to run are working properly.
|
||||
|
||||
|
||||
@ -3,7 +3,7 @@ title: Understand App Control for Business policy rules and file rules
|
||||
description: Learn how App Control policy rules and file rules can control your Windows 10 and Windows 11 computers.
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 09/11/2024
|
||||
ms.topic: conceptual
|
||||
ms.topic: concept-article
|
||||
---
|
||||
|
||||
# Understand App Control for Business policy rules and file rules
|
||||
|
||||
@ -3,7 +3,7 @@ title: Understand App Control for Business policy design decisions
|
||||
description: Understand App Control for Business policy design decisions.
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 09/11/2024
|
||||
ms.topic: conceptual
|
||||
ms.topic: concept-article
|
||||
---
|
||||
|
||||
# Understand App Control for Business policy design decisions
|
||||
|
||||
@ -3,7 +3,7 @@ title: Understanding App Control for Business secure settings
|
||||
description: Learn about secure settings in App Control for Business.
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 09/11/2024
|
||||
ms.topic: conceptual
|
||||
ms.topic: concept-article
|
||||
---
|
||||
|
||||
# Understanding App Control Policy Settings
|
||||
|
||||
Reference in New Issue
Block a user